Description

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Remediation

References

CVE-2013-6712

Related Vulnerabilities

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Multiple Cross-Site Scripting Vulnerabilities (2.1.2)

WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26)

WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)

Oracle HTTP Server Other Vulnerability (CVE-2020-35167)

Severity

Medium

Classification

CVE-2013-6712 CWE-119

Tags

Missing Update Known Vulnerabilities